发明名称 |
ATTACK DETECTION DEVICE, ATTACK DETECTION METHOD, AND ATTACK DETECTION PROGRAM |
摘要 |
For a plurality of events, event stage information is stored which describes an event observed by an information system when an attack against the information system is underway, a pre-event stage, and a post-event stage. Observed event notice information is received which notifies an observed event observed by the information system. Event stage information is searched for which describes the observed event notified by the observed event notice information. Event stage information is searched for which describes a post-event stage coinciding with a pre-event stage of the event stage information searched for, or a pre-event stage coinciding with a post-event stage of the event stage information searched for. If an event of the event stage information searched for is an observation non-available event that cannot be observed, an event sequence is created by treating the observation non-available event as having been observed and connecting the observed event and the observation non-available event to each other with a dependency. |
申请公布号 |
EP3113061(A1) |
申请公布日期 |
2017.01.04 |
申请号 |
EP20140883911 |
申请日期 |
2014.02.26 |
申请人 |
Mitsubishi Electric Corporation |
发明人 |
IJIRO, Hideaki;KAWAUCHI, Kiyoto |
分类号 |
G06F21/55 |
主分类号 |
G06F21/55 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|